Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and ...

The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, ...

Threat actors earlier today published more than 600 malicious packages to the Node Package Manager (npm) index as part of a ...

Popular JavaScript modules including size-sensor and echarts-for-react hit as hijacked account closed GitHub warnings ...

A fresh Mini Shai-Hulud supply chain attack has hit over 320 NPM packages, along with GitHub Actions and a VS Code extension.

Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication package, in a new supply chain attack targeting npm. The node-ipc ...

TanStack has released a detailed postmortem describing a sophisticated supply-chain attack that compromised 42 npm packages ...

The Mini Shai-Hulud worm has resurfaced in one of its largest single-registry waves to date, hitting hundreds of npm packages ...

Microsoft’s GitHub has suffered what appears to be its biggest ever security breach after confirming that attackers ...

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.

Attackers performed an email takeover attack on a dormant maintainer account and published new node-ipc versions containing ...

OpenAI said it found no evidence that user data was accessed after a supply-chain attack involving the TanStack npm library.